How to setup SSL/TLS for SMTP and HTTP in SecurityGateway
This article explains how to setup SecurityGateway to allow incoming connections to use SSL to connect securely to the server, connect to remote servers using TLS, and to allow users to connect via secure-HTTP to the GUI.
From the Dashboard, after logging in with a global administrator account:
- Click on Setup/Users on the left navigation menu
- Select System
- Click on Encryption
To use SSL, you must have a certificate, either one that has been generated and signed by SecurityGateway, or one issued by a third-party service such as VeriSign. To create a new SSL certificate, click the 'New' button in the bottom window, and fill in the information in the pop-up window as appropriate.
By default, SecurityGateway creates certificates with a 2048 encryption key-length. You may choose between 1024, 1536, 2048, and 3072 in key-length.
If you have any certificates created by a third-party, make sure they have been imported into the server's Windows certificate store, and they will show in the certificate window. For information on how to import certificates into Windows, see the related article below.
Once the SSL certificate is created and active, you may then enable SSL/TLS/HTTPS by checking the box next to 'Enable SSL, STARTTLS, STLS support for SMTP'. If you wish to send messages to remote servers using TLS as well, enable 'Send messages with STARTTLS whenever possible'.
KBA-02173 Creating a Certificate Signing Request and Importing a Third-Party SSL Certificate for MDaemon Using Certreq.exe
KBA-01934 How do I access the SecurityGateway server securely through SSL?